PT-2023-20323 · Unknown · Metersphere

Lcxing

Publicado

2023-03-09

Atualizado

2023-03-15

CVE-2023-25814

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions metersphere versions prior to 2.7.1

Description The issue allows a user with permission to create a resource file through UI operations to append a path to their submission query, which will be read by the system and displayed to the user. This enables users to read arbitrary files on the server's filesystem, provided the server process has permission to read the requested files.

Recommendations For versions prior to 2.7.1, upgrade to version 2.7.1 to address the issue. There are no known workarounds for this issue.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-25814

GHSA-FWC3-5H55-MH2J

Produtos afetados

Metersphere

PT-2023-20323 · Unknown · Metersphere

CVE-2023-25814

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6